ASCII Hex to Binary

I often come across shellcode in the form of ASCII hex, that I want to disassemble in order to find the corresponding assembly instructions, so I can understand how the shellcode operates. Although I can lookup up the assembly instructions for each opcode or set of opcodes, this is very tedious. So I wrote a simple VB script that takes the opcodes (and ignores \x and other irrelevant punctuation) and produces a binary file (with a .txt extension, why not?) which I can then input into a disassembler. I can also put the bytes in the output binary file in a code cave of a program, and then disassemble the code cave.

Here is the VB script, which I named ASCIIHexToBinary.vbs:

'This script takes shellcode (opcodes) in ASCII form
'and translates them to binary.
'The binary file produced can be fed to a dissasembler
'to get the corresponding assembly instructions.
'
'Valid hex characters are 0-9, A-F, a-f.
'Every other character is invalid.
'
'Specs:
'
'The script ignores invalid characters.
'Two consecutive hex characters will be translated 
'to their binary byte equivalent.
'
'One opcode is two hex characters long.
'The script assumes that the input file always contains
'an even number of hex characters in every line.
'(That means: the script assumes that an opcode
'never wraps on the next line.)
'
'Sample input file:
'
'616263 6465 66 ABcDEF
'
'67.6869
'
'\x70 \x71\x72 \xaC\x5C
'
'Spaces, empty lines, new line characters,
'dots, \x etc. will be ignored.

Option Explicit
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Dim fs, inputFile, outputFile
Dim inputBuffer, tempChar, hexBuffer, outputByte, i

Set fs = CreateObject("Scripting.FileSystemObject")

Set inputFile = fs.OpenTextFile("C:\SomeInputFile.txt", ForReading)
Set outputFile = fs.OpenTextFile("C:\SomeOutputFile.txt", ForWriting, True)

Do While Not inputFile.AtEndOfStream

   inputBuffer = inputFile.ReadLine

   hexBuffer = ""

   for i = 1 to len(inputBuffer)

      tempChar = mid(inputBuffer,i,1)

      if tempChar = "0" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "1" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "2" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "3" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "4" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "5" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "6" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "7" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "8" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "9" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "A" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "B" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "C" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "D" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "E" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "F" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "a" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "b" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "c" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "d" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "e" then
         hexBuffer = hexBuffer & tempChar
      end if
      if tempChar = "f" then
         hexBuffer = hexBuffer & tempChar
      end if

   next
 
   for i = 1 to len(hexBuffer) step 2

      outputByte = chr(38) & "H" & mid(hexBuffer,i,2)
      outputFile.Write chr(outputByte)

   next

Loop

inputFile.Close
outputFile.Close

Set fs = Nothing

Be careful, because the way I coded the script, no checks are performed. The shellcode is in C:\SomeInputFile.txt and the script creates the binary file C:\SomeOutputFile.txt. If the latter file already exists, it will be overwritten. So, be extra careful when using this script.

Advertisements

About Dimitrios Kalemis

I am a systems engineer specializing in Microsoft products and technologies. I am also an author. Please visit my blog to see the blog posts I have written, the books I have written and the applications I have created. I definitely recommend my blog posts under the category "Management", all my books and all my applications. I believe that you will find them interesting and useful. I am in the process of writing more blog posts and books, so please visit my blog from time to time to see what I come up with next. I am also active on other sites; links to those you can find in the "About me" page of my blog.
This entry was posted in Security. Bookmark the permalink.